Spring Security
  1. Spring Security
  2. SEC-1258

SavedRequestAwareWrapper causes trouble in 3.0 M2 in combination with Spring MVC

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 3.0.0 M2
    • Fix Version/s: 3.0.0 RC1
    • Component/s: None
    • Labels:
      None

      Description

      Incoming requests seem to be wrapped by SavedRequestAwareWrapper in M2 of 3.0. Unfortunately this causes the request to return the method of a previously saved request instead of the current one. This is especially problematic if you do a POST after a GET. If you use Spring MVC e.g. and map one method to a URL handling GET requests, and one handling POST requests this does not work anymore as the wrapped request returns GET as method which is the wrong one apparently. Very obfuscating in this case is, that because every access to the method potentially returns the wrong HTTP method (in the example GET instead of actually sent POST), log output is also invalid. We spent some hours trying to find out why there is a GET received at the server side although a POST was sent .

        Activity

        Hide
        Luke Taylor added a comment -

        This looks very like a duplicate of SEC-1241.

        Show
        Luke Taylor added a comment - This looks very like a duplicate of SEC-1241 .
        Hide
        Oliver Gierke added a comment -

        Rolling back to M1 pretty much works for us but rather because there are no requests saved anymore. So it seems there's something changed in the logic which requests to be save and which not?

        Show
        Oliver Gierke added a comment - Rolling back to M1 pretty much works for us but rather because there are no requests saved anymore. So it seems there's something changed in the logic which requests to be save and which not?
        Hide
        Luke Taylor added a comment -

        Try with a snapshot. This is almost certainly a duplicate of SEC-1241.

        Show
        Luke Taylor added a comment - Try with a snapshot. This is almost certainly a duplicate of SEC-1241 .
        Hide
        Oliver Gierke added a comment -

        It sound like this. Have just been searching for SavedrequestAwareWrapper which was not mentioned in the other ticket. Feel free to close this one entirely as it matches the other one exactly .

        Show
        Oliver Gierke added a comment - It sound like this. Have just been searching for SavedrequestAwareWrapper which was not mentioned in the other ticket. Feel free to close this one entirely as it matches the other one exactly .

          People

          • Assignee:
            Luke Taylor
            Reporter:
            Oliver Gierke
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: